Re: Quarantining an account from the Internet, or from all networking?

2010-08-17 Thread Benjamin Scott
On Tue, Aug 17, 2010 at 1:02 AM, Greg Rundlett (freephile) g...@freephile.com wrote: I just want to add for those who may be interested in iptables, but not wanting to get into the intricacies, you can try firestarter [1] or its successor GUI app called ufw [2] (in Ubuntu) [1]

Re: Quarantining an account from the Internet, or from all networking?

2010-08-17 Thread Kevin D. Clark
Suggestion: suppose you have set up your system with a uid that is protected by some iptables rules (call this UNTRUSTED), and furthermore also suppose that the binary that you really want to protect against is called DOCREADER. Well, then, you might want to consider replacing every occurrence of

Re: Looking for software to display keystrokes as they are typed, for demos

2010-08-17 Thread Michael ODonnell
At least on my Debian box there's a logkeys package available that might serve if you can maybe find a way to tail its output in an on-screen window during your presentation. Here's a fragment of example output it captured while I was composing this email with vi as launched from exmh:

Re: Quarantining an account from the Internet, or from all networking?

2010-08-17 Thread Tom Buskey
Do other users need to be on the same system w/o restrictions? If not, I'd create a VM (or physical system if you have $$) with its own firewall and only that user. Block everything in/out except what's needed. Run only that app in there. If some sites are allowed, add a proxy to restrict

Re: Quarantining an account from the Internet, or from all networking?

2010-08-17 Thread Benjamin Scott
On Tue, Aug 17, 2010 at 11:26 AM, Tom Buskey t...@buskey.name wrote: Do other users need to be on the same system w/o restrictions? It sounds like what he really wants to do is sandbox an untrusted application. For example, if you don't trust Adobe Reader, you might want to deny all network

Re: Quarantining an account from the Internet, or from all networking?

2010-08-17 Thread Benjamin Scott
On Tue, Aug 17, 2010 at 8:43 AM, Kevin D. Clark kevin_d_cl...@comcast.net wrote: Well, then, you might want to consider replacing every occurrence of the DOCREADER binary on your system's disk with a script that basically does this: #!/bin/sh exec sudo -u UNTRUSTED DOCREADER-original ${@}

Re: Looking for software to display keystrokes as they are typed, for demos

2010-08-17 Thread Ted Roche
On 08/17/2010 09:06 AM, Michael ODonnell wrote: At least on my Debian box there's a logkeys package available that might serve if you can maybe find a way to tail its output in an on-screen window during your presentation. I like the idea of tailing a keylogger to display keystrokes. Pretty

Re: Quarantining an account from the Internet, or from all networking?

2010-08-17 Thread Kevin D. Clark
Benjamin Scott writes: On Tue, Aug 17, 2010 at 8:43 AM, Kevin D. Clark Well, then, you might want to consider replacing every occurrence of the DOCREADER binary on your system's disk with a script that basically does this: #!/bin/sh exec sudo -u UNTRUSTED DOCREADER-original ${@}

Re: Quarantining an account from the Internet, or from all networking?

2010-08-17 Thread Bill Sconce
On 17 Aug 2010 08:43:35 -0400 kevin_d_cl...@comcast.net (Kevin D. Clark) wrote: Suggestion: suppose you have set up your system with a uid that is protected by some iptables rules (call this UNTRUSTED), and furthermore also suppose that the binary that you really want to protect against is

Linux vs Windows, obscure security features (was: Quarantining an account...)

2010-08-17 Thread Benjamin Scott
On Tue, Aug 17, 2010 at 2:31 PM, Bill Sconce sco...@in-spec-inc.com wrote: (*) Sorry, Windows users. The tools you need just aren't available on Windows. Windows NT certainly has user accounts. Always has, since the first version (Version 3.0). (NT is today called Windows 7, and has

Re: Linux vs Windows, obscure security features (was: Quarantining an account...)

2010-08-17 Thread Benjamin Scott
On Tue, Aug 17, 2010 at 5:22 PM, David Hardy belovedbold...@gmail.com wrote: And we all know, I think, that Windows NT was created for Microsoft by Dave Cutler, former developer of RSX and VMS .. And Cutler moved to Microsoft because DEC just wanted to maintain/extend VMS, while Cutler wanted

Re: Linux vs Windows, obscure security features (was: Quarantining an account...)

2010-08-17 Thread David Hardy
Very interesting, and additional information that I was not aware of, naturally. For a short while, maybe nine years ago, I had an office with an Alpha machine that was running OpenVMS 6.something, and then when my managers found out that it could run NT, they made me change it to NT. I wish now

Re: Linux vs Windows, obscure security features (was: Quarantining an account...)

2010-08-17 Thread Jon 'maddog' Hall
Ben, From an admittedly faulty and ever-aging memory of events: And Cutler moved to Microsoft because DEC just wanted to maintain/extend VMS, while Cutler wanted to write a new OS (MICA) for the new hardware architecture (PRISM) that was being designed. Microsoft needed a better OS (where

Re: Linux vs Windows, obscure security features (was: Quarantining an account...)

2010-08-17 Thread Jon 'maddog' Hall
David, Unfortunately the site you mention: http://www.alphant.com/ has a FAQ that is wrong: http://www.alphant.com/ant_faq.shtml#64bits Alpha NT never supported a 64-bit virtual address space. I seem to remember that Digital offered that code to Microsoft in 1992, but Microsoft turned it

Re: Linux vs Windows, obscure security features (was: Quarantining an account...)

2010-08-17 Thread Jarod Wilson
On Tue, Aug 17, 2010 at 6:36 PM, Jon 'maddog' Hall mad...@li.org wrote: Cutler wanted to leave Massachusetts and live in Washington State a long time before that. KO wanted to keep him on board, so allowed him to set up an advanced development facility in Bellevue, overlooking the Olympic

Re: Linux vs Windows, obscure security features (was: Quarantining an account...)

2010-08-17 Thread Joseph Smith
On 08/17/2010 07:56 PM, Jarod Wilson wrote: On Tue, Aug 17, 2010 at 6:36 PM, Jon 'maddog' Hall mad...@li.org wrote: Cutler wanted to leave Massachusetts and live in Washington State a long time before that. KO wanted to keep him on board, so allowed him to set up an advanced development

Re: Linux vs Windows, obscure security features (was: Quarantining an account...)

2010-08-17 Thread David Hardy
maddog, et al. Thanks much for that additional history. I am filing it as notes for my eventual 'autobiography' accordingly. I also remember reading Terry Shannon's 'Charlie Matco' columns back then and I believe I even corresponded with him once or twice. May he indeed, fellow 'Nam vet (we

Re: Quarantining an account from the Internet, or from all networking?

2010-08-17 Thread Bill Sconce
On Tue, 17 Aug 2010 11:35:59 -0400 Benjamin Scott dragonh...@gmail.com wrote: It sounds like what he really wants to do is sandbox an untrusted application. For example, if you don't trust Adobe Reader, you might want to deny all network I/O to it. That's it. [A virtual machine

Re: Linux vs Windows, obscure security features (was: Quarantining an account...)

2010-08-17 Thread Jon 'maddog' Hall
David, His web site exists here: http://www.shannonknowshpc.com/ It must be residing on a PRO 350 running an early version of V7M-11 (nee Ultrix-11); it took such a long time to load, but was definitely worth the wait. Thanks again for the memories. md P.S. My note about Terry from that

Re: Linux vs Windows, obscure security features (was: Quarantining an account...)

2010-08-17 Thread Bill Sconce
On Tue, 17 Aug 2010 17:01:50 -0400 Benjamin Scott dragonh...@gmail.com wrote: On Tue, Aug 17, 2010 at 2:31 PM, Bill Sconce sco...@in-spec-inc.com wrote: (*) Sorry, Windows users. The tools you need just aren't available on Windows. Windows NT certainly has user accounts. Always

Re: Linux vs Windows, obscure security features (was: Quarantining an account...)

2010-08-17 Thread David Hardy
Yep, took a long time to load for me, too. Could be on a VAXstation 3100 or a MicroVAX. In Heaven he will have his choice of computers and a data center to put them in and his own printing press to explain it all to the other denizens. Only a year older than me and already gone these past five

dual pci nic with bridging

2010-08-17 Thread Brian St. Pierre
Anybody have experience with a PCI-based dual-interface NIC that does hardware bridging? This would be for a traffic monitoring application, so the host cpu must be able to snoop traffic. Software bridging is not feasible. Thanks for any pointers. -- Brian St. Pierre

Re: dual pci nic with bridging

2010-08-17 Thread Shawn O'Shea
The only host-based thing I've seen for something like that are the Endace DAG cards. They tout 100% packet capture since they take all the processing off the host CPU. They are not cheap though... I think it was like $6000 for a dual port.

Re: dual pci nic with bridging

2010-08-17 Thread Benjamin Scott
On Tue, Aug 17, 2010 at 11:20 PM, Brian St. Pierre br...@bstpierre.org wrote: Anybody have experience with a PCI-based dual-interface NIC that does hardware bridging? This would be for a traffic monitoring application ... Not what you asked for, but: Would it be feasible to use a small